Solved: WSA certificate options for https proxy

David Niemann · ‎02-17-2015

Should an L1K intermediate cert from Entrust be recognized by the WSA? When I try to go to a website that is using an L1K Entrust cert the WSA is blocking the site.

Date: Wed, 18 Feb 2015 02:36:23 GMT
Username: <removed>
Source IP: 192.168.201.70
URL: GET https://<removed>/
Category: Government and Law
Reason: UNRECOGNIZED_ROOT_CERT
Notification: CERT_INVALID

Handy Putra · ‎02-17-2015

WSA does has Entrust cert however not for L1K.

You might want to export that certificate to your local machine and imported to the WSA HTTPS proxy Custom Trusted Certificates.

Normally i used Firefox and not using WSA as proxy as initial connection then get the cert from the remote site and save it locally then import it to the WSA HTTPS cert.

You might want to review the HTTPS log as well in WSA and set the log level to debug to get more details as why is failing.

Hope this helps

View solution in original post

Handy Putra · ‎02-17-2015

WSA does has Entrust cert however not for L1K.

You might want to export that certificate to your local machine and imported to the WSA HTTPS proxy Custom Trusted Certificates.

Normally i used Firefox and not using WSA as proxy as initial connection then get the cert from the remote site and save it locally then import it to the WSA HTTPS cert.

You might want to review the HTTPS log as well in WSA and set the log level to debug to get more details as why is failing.

Hope this helps

David Niemann · ‎02-18-2015

That worked.